kind: Pod
apiVersion: v1
metadata:
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: lb-keepalived
  name: lb-keepalived
  namespace: kube-system
spec:
  hostNetwork: true
  priorityClassName: system-cluster-critical
  containers:
  - name: lb-keepalived
    # image: osixia/keepalived:2.0.16
    image: {{ lb_keepalived_image }}
    env:
    - name: KEEPALIVED_VIRTUAL_IPS
      value: {{ KUBE_APISERVER_IP | trim }}
    - name: KEEPALIVED_INTERFACE
      value: {{ lb_keepalived_interface.stdout }}
    - name: KEEPALIVED_UNICAST_PEERS
      value: "#PYTHON2BASH:[{{ LB_KEEPALIVED_UNICAST_PEERS }}]"
    - name: KEEPALIVED_PASSWORD
      value: {{ lb_keepalived_password }}
    - name: KEEPALIVED_STATE
      value: "{{ LB_KEEPALIVED_STATE }}"
    - name: KEEPALIVED_PRIORITY
      value: "{{ LB_KEEPALIVED_PRIORITY }}"
    - name: KEEPALIVED_ROUTER_ID
      value: "{{ lb_keepalived_router_id }}"
{% if lb_kube_apiserver_healthcheck_port is defined %}
    # 检测当前节点 lb 是否存活，若不存活则重启
    livenessProbe:
      httpGet:
        path: /healthz
        port: {{ lb_kube_apiserver_healthcheck_port }}
    readinessProbe:
      httpGet:
        path: /healthz
        port: {{ lb_kube_apiserver_healthcheck_port }}
{% endif %}
    resources: {}
    securityContext:
      privileged: true
      capabilities:
        add:
        - NET_ADMIN